CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2013-6282	High	67.7%	LinuxKernel	The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.	Sep 15, 2022	KEV
CVE-2013-2094	High	58.5%	LinuxKernel	Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.	Sep 15, 2022	KEV
CVE-2020-28949	High	93.0%	PEARArchive_Tar	PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.	Aug 25, 2022	KEV
CVE-2020-36193	High	71.1%	PEARArchive_Tar	PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.	Aug 25, 2022	KEV
CVE-2022-30333	High	92.8%	RARLABUnRAR	RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.	Aug 9, 2022	KEV
CVE-2014-3153	High	68.9%	LinuxKernel	The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.	May 25, 2022	KEV
CVE-2022-0847	High	82.4%	LinuxKernel	Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."	Apr 25, 2022	KEV
CVE-2021-22600	High	0.1%	LinuxKernel	Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.	Apr 11, 2022	KEV
CVE-2016-5195	High	94.2%	LinuxKernel	Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.	Mar 3, 2022	KEV
CVE-2016-7855	High	46.9%	AdobeFlash Player	Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.	Mar 3, 2022	KEV
CVE-2019-13272	High	81.3%	LinuxKernel	Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.	Dec 10, 2021	KEV
CVE-2010-1871	High	93.8%	Red HatJBoss Seam 2	JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.	Dec 10, 2021	KEV
CVE-2019-2215	High	52.9%	AndroidAndroid Kernel	Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."	Nov 3, 2021	KEV
CVE-2020-0069	High	0.7%	MediaTekMultiple Chipsets	Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."	Nov 3, 2021	KEV

CVE-2013-6282KEV

High

The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation.

LinuxEPSS 67.7%

CVE-2013-2094KEV

High

Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Explotation allows for privilege escalation.

LinuxEPSS 58.5%

CVE-2020-28949KEV

High

PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

PEAREPSS 93.0%

CVE-2020-36193KEV

High

PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux.

PEAREPSS 71.1%

CVE-2022-30333KEV

High

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

RARLABEPSS 92.8%

CVE-2014-3153KEV

High

The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

LinuxEPSS 68.9%

CVE-2022-0847KEV

High

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

LinuxEPSS 82.4%

CVE-2021-22600KEV

High

Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

LinuxEPSS 0.1%

CVE-2016-5195KEV

High

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

LinuxEPSS 94.2%

CVE-2016-7855KEV

High

Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

AdobeEPSS 46.9%

CVE-2019-13272KEV

High

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

LinuxEPSS 81.3%

CVE-2010-1871KEV

High

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Red HatEPSS 93.8%

CVE-2019-2215KEV

High

Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

AndroidEPSS 52.9%

CVE-2020-0069KEV

High

Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain "AbstractEmu."

MediaTekEPSS 0.7%

1 2